Mouseover Exploit Spreads Porn on Twitter

I photoshopped this.

Twitter users who read and write using the twitter.com website got a nasty surprise this morning: a JavaScript exploit was causing their accounts to retweet spam and porn when they simply dragged their cursor over a link (or in some cases, anywhere on the Twitter.com screen).

The security flaw allowed popups and websites (like porn) to load in your browser just by mousing over infected tweets. Some tweets were even coded in colorful blocks of text to entice users, according to Sophos, a security vendor who discovered the exploit. The problem was confined to Twitter.com’s old interface — not the new Twitter website that launched last week.

It seems as though most users who read and post with clients using the Twitter API were unaffected — that is, apart from reading a bunch of garbage, linky tweets and retweets from their friends. The mobile version of the website appears to be okay, too.

This reinforces my longstanding belief that web browsers’ only legitimate use on the desktop is for viewing and watching porn (including, naturally, technology-and-gadget porn, like what you find here at Wired.com –TC); client applications, whether on a personal computer or a mobile device, are ideally suited for consuming and exchanging information.

All I’m saying is, if you’re going to buggy, information-hungry websites called things like “twitter.com,” you deserve what you get. Although, on the other hand, employees who are allowed (or professionally compelled) to read Twitter now have a perfect excuse: “No, I wasn’t trying to look at porn at work. Must be another Twitter hack.” Let’s hope the next hack redirects users to fantasy football sites.